General security tips

Even small steps often help to increase information security! The following tips will help you to protect yourself and your digital information.

1. Update! Update! Update!

Security gaps are closed most effectively by updates. Software, operating system and especially the virus scanner should always be up-to-date. Learn more.

2. Use different passwords

Avoid using the same user name and password for different accesses (for example, TU access and bank account). Further tips on password security can be found here.

3. Think first, click afterwards

Phishing and blackmail trojans are very much in fashion! Be careful with links and attachments. Inform yourself regularly! You can find more information about phishing here.

4. Lock your screen when you leave your workplace

You can set this to happen automatically, or press the Windows key + L when you leave.

5. Backup! Backup! Backup!

Back up your data often and regularly on a suitable storage medium and keep it in a safe place. A secure backup is your only insurance against blackmail trojans and hardware failures. Learn more.

6. Minimum principle

Always give as little information as possible, really only the most necessary.

7. Do not automatically click “OK”,…

… “Next”, “Yes”, “Agree” or “Accept”. First read the conditions or declaration of consent carefully!

8. Be careful with “Free-Ware”

Free-Ware is often not cheap: You pay with your data!

9. Only the admin is admin

Keep your own rights low. Only work as “admin” if you are actually in this role. Daily work should never be done on an administrator account.

10. Report an IT security incident

Your device was attacked? You suspect a virus, trojan or similar? Get professional help here before major, irreparable damage occurs!

Many people make and maintain contacts via the internet, sharing photos and videos online with family, friends and colleagues. They create a personal profile on Instagram, TikTok, Facebook etc., which, in addition to basic information about themselves, can also contain information about hobbies, family relationships or professional careers.

Social media are full of the exchange of information, photos of friends and videos from vacations. This massive amount of data also brings risks that you should be aware of. You can then decide for yourself where and when you disclose information and which services you do or do not use.

What is dangerous about leaving a lot of data about yourself on the internet?

Once data, images or texts are on the Internet, you have lost control over them. If something has been shared online, you can't get it back. It is almost impossible to delete something completely on the Internet, because you often don't know who has already seen, shared or even saved the data.

In addition, videos, texts and especially images can be published by third parties on other sites on the Internet or misused for other purposes.

Identity theft is one of the risks of the digital age. Criminals take over the identity of another person in order to impersonate them, communicate in their name, or possibly misuse them for criminal offenses or illegal online transactions.

To do this, it is often enough to copy a person's profile picture and name and create a new user account. The more information the criminals find about you in social networks, the more genuine they can make the fake identities look.

Another variant: the criminals hack existing real user accounts and take control of them.

If it is publicly visible on the Internet that you are a member of a certain social network and, for example, your name and e-mail address can be viewed, criminals can use this to send you targeted phishing e-mails, so-called spear phishing. And again, the more information an attacker has about you, the better the attacks are and the harder they are to detect.

Then, for example, you receive a fake email from the social media provider asking you to check your data. Attached is a link that leads to a fraudulent page. If you enter your access data there, they are in the hands of the criminals.

Cyber criminals often send messages that contain a link to manipulated websites. Malware is then spread via these pages. A well-known example of this is the “Koobface” worm, which was spread via Facebook and MySpace. From previously infected accounts, invitations were sent to other users to watch a video. When the recipient clicked on the link, they were redirected to a fake Facebook or YouTube page, where they were prompted to download the Flash player. Behind the offered download was the worm, which was able to spread further and further.

Those who know a lot about you and your interests can formulate messages that interest you and are more likely to entice you to click.

Every social network offers numerous settings to protect your privacy. Use them especially if you want only your friends to see your profile and posts. You can also set search engines to ignore your profile. The less personal data you publish, the less of a target you are for criminals who want to take over your digital identity, for example.

Only add people to your friend or contact list whom you know and whose user profiles you are sure are authentic. If you receive dubious contact requests from friends, ask them outside the social network whether these messages are authentic.

If you want to close an account, back up your data outside the network if necessary and then delete it from the account. Follow exactly the provider's procedure for deleting the user account. In some cases, this also includes not logging back in within a certain period of time.

When registering for a service, only disclose as much of yourself as is absolutely necessary. And: Is what the service considers necessary really necessary? For example, you should hide your date of birth, if possible. If data is requested that you do not want to provide, consider whether you really want to use the service or whether there might be an alternative.

Social networks are operated by profit-oriented companies, most of which finance themselves through advertising. The general terms and conditions (GTC) provide information about how the provider handles your personal data and how it is passed on to the advertising industry. Familiarize yourself thoroughly with the GTC and data protection regulations before you create a profile.

Some social networks grant themselves rights of use to your publications. This means, for example, that you transfer the rights to use your photos and videos to the operator of the social network. It is also quite common for granted usage rights to remain in effect even if you leave the network and delete your profile. Before publishing, consider whether you want to share the rights to your images and texts.

Secure passwords are an important part of personal IT security. The longer a password is and the more character types (upper and lower case letters, numbers, special characters) a password contains, the more difficult it is to crack. See also door number 2.

No password should be related to your family, hobbies, job, etc. This is especially true if there is a lot of information about you in social networks.

And: Set a separate password for each of your online accounts. If one account is hacked, the others are still protected. Password managers can help you create and remember passwords. See door number 3.

If you use social networks via apps, always make sure that you use the latest version and install (security) updates immediately or even (semi-)automatically. Install apps only from official and secure sources, such as the official app store on your mobile device.

This section is largely composed of information and texts taken from the websites of the German Federal Office for Information Security (BSI) on the subject of security in social media.

Two-factor authentication (2FA) means that an additional factor is used to secure logins, in addition to the password entry (factor “knowledge”). A frequently used method is an additional one-time password generated in a special app on your mobile phone. In that case, the second factor is “ownership” because you need to own your mobile phone.

This second factor makes it much more difficult for attackers to crack your account, because it is no longer sufficient to get your password, for example by phishing.

Especially important: Your private e-mail box

Therefore: Always activate two-factor authentication (2FA) if it is available, especially for important accounts. One example of such an important account is the private e-mail box. Many people use it as the contact address for resetting the passwords of other accounts. An attacker who gets access to your mailbox can capture all accounts linked via the recovery function. A very good reason to accept the small additional effort of 2FA.
